Vulnerability in Reading Progressbar
CVE-2026-2687
The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capa…
EPSS: 0.000 (12.9th percentile) — read the EPSS interpretation.
Affected products
- Unknown Reading Progressbar — versions 0
References
- wpscan.com/vulnerability/af2e1249-2b69-47b6-85aa-9a6b30c51936/ (exploit, vdb-entry, technical-description)